0

I have a windows 2008 R2 SP1 standard dedicated server and i installed Hyper-V role on it.

I'm serving Hyper-V VPSs on this server and i can't trust virtual nodes. now the broblem is each node can install a sniffer tool like Cain & Abel and sniff other nodes on this server by using MAC SPOOFING and APR Poisoning other nodes.

how can i prevent my virtual nodes to sniff other nodes?

i don't use legacy network adapter on any of my nodes and also i unchecked "enable spoofing of MAC addresses" on all of my nodes but when i run Cain & Abel on one of my nodes and try to sniff other nodes by APR Poisoning method i can sniff those node.

my server have only one physical network adapter then i can create only one virtual network adapter. i found a way that i can prevent this method(MAC SPOOFING and APR Poisoning) by using more than one virtual network on my server to each nodes but many of data centers don't install more than one network adapter that connected to internet then i can't use this way.

also my server firewall and all node firewall are on and also my host os and all of my guest os are update.

abbasb
  • 1

2 Answers2

1

These vulnerabilities are present on any layer 2 segment, virtualization or no - MAC spoofing can be filtered by a hypervisor that knows what it's doing (which is looks like Hyper-V can do in 2008 R2), but ARP poisoning is an inherent risk of being on the same layer 2 segment as a malicious device (there are some options for mitigation, but they're not really applicable in your case).

If you can't trust your VMs, split them into different Vlans - or if they must be on the same layer 2 segment, look into private vlans (which I very much doubt Hyper-V supports).

Shane Madden
  • 112,982
  • 12
  • 174
  • 248
0

I don't run Hyper-V, but can't you setup separate virtual networks for each guest and then have the host route requests to the relevant guest? It's how I'd do it in any other virtualisation system I've ever used.

womble
  • 95,029
  • 29
  • 173
  • 228